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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims: 

Claim 1. (Currently Amended): A method of detecting a rogue access point by a client 
comprising the steps of: 

directing a packet from ar^ppfeaf rtthe client to a network through a[[n]] first access 

point; 

receiving a network response packet by the saroteeaat- client from the first access point; 

determining that the firsLaccess point is a rogue access point bvthe client b ased on the 
network response packet received from the access point in being in nonconformity with 
predetermined expectations; 

authenticating the client through a valid access point to the networ k subsequent to 
detemiining that the first access point is a rogue access point ; and 

reporting the first access point as a r opue access point by the client to the network 
through the valid access point. 

Claim 2. (Currently Amended): The method of claim 1, further comprising the step of 
authenticating the supfrtieaat -client t o the network. 

Claims 3 and 4. (Cancelled) 

Claim 5. (Currently Amended): The method of claim 1 wherein the predetermined expectations 
comprise data traffic conforming with ITIEEE ninstitute of Electrical and Electronic 
Engineers 802 JX standards. 

Claim 6. (Previously Presented): The method of claim 1 wherein the predetermined 
expectations comprise a mutual authentication to the network, wherein nonconformity is 
determined by a failure of the mutual authentication. 
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Claim 7. (Currently Amended): The method of claim 6 wherein the mutual authentication 
comprises: 

issuing a challenge from [[the]] an authentication server to the client; 
issuing a counter-challenge from the client to the authentication server: 
wherein mutual authentication fails at the counter-challenge since the .first access 
point's username and password are not found in the authentication server's database. 

Claim 8. (Currently Amended): The method of claim 6 wherein the mutual authentication 
comprises: 

directing a message containing identity credentials from the stfpplkas rtclient through the 
access point, to an authentication server; 

validating the identity credentials of the supp&ea&t -client using the authentication server; 

forwarding a send key from the authentication server to the supplio aa frclient through the 
first access point; 

independently deriving a session key from the send key and the identity credentials by the 
suftfrkeaftfc- client and the authentication server; 

encrypting data packets between the supplicant client and the authentication server using 
the derived session key. 

Claim 9. (Original): The method of claim 8 wherein the credentials are a usemame/password 
combination. 

Claim 10. (Currently Amended): The method of claim 8 further comprising: 

prior to the step of directing, sending a start message from the sgpfrKean talient t o the first 
access point; 

sending an identity request message from the first access point to the s upplican t client : 

and 

wherein the step of directing a message comprises sending an identity response message 
containing the identity credentials fefm -from the ^ppU&aHt-cjierjrtto the first a ccess point in 
response to the identity request message, and forwarding the identity response message from the 
first access point to the authentication server. 
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Claim 11, (Currently Amended): The method of claim 10 wherein the authentication server is a 
RADIUSRemote Authe ntication Dial-In User Service server and wherein the identity response 
message is in the form of a RA&HJ &Remote Authentication Dial-In User Service access request, 
wherein the method further comprises the steps of: 

responding to the RADIUS R emote Authentication Dial-In User Service access request 
with a RAEtfU SRemote Authentication Dial-In User Service challenge from the authentication 
server to the s^pKeairtclignt; and responding from the sw^i^m ^client to the RADIUS Remote 
Authentication Dial-In User Service challenge according to the RADiU SRemote Authentication 
Dial-In User Service protocol. 

Claim 12. (Currently Amended): The method of claim 11 wherein the steps of validating and 
forwarding comprise sending the fiapptifrast -client a RABRJ SRemote Authentication Dial-In 
User Service accept message and wherein the send key comprises an MicroSoft-Microsoft Foint- 
to-Point Encryption M S-MPPE- Send-key. 

Claim 13. (Original): The method of claim 8 wherein the step of forwarding a send key 
comprises supplying key length and key index to specify encryption parameters for the session 
key. 

Claim 14. (Original): The method of claim 10 wherein the encryption parameters are based on 
one of a 40/64-bit and a 104/128-bit key 

Claim 15. (Currently Amended): The method of claim 8 further comprising the initial step of 
configuring the client as a supplicant in a device mode where the identity credentials are stored 
on a network card for non-interactive authentication by a user. 

Claim 16, (Currently Amended): The method of claim 8 further comprising the initial step of 
configuring the client as a supplicant in a network logon mode where the identity credentials are 
integrated into a network logon to enable a single sign-on for network authentication and 
ITPC^ personal computer network logon. 
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Claim 17. (Currently Amended): The method of claim 8 further comprising the initial step of 
establishing authenticator support comprising: 

configuring the vaMdaccess point to use one of 40/64-bit and 104/128-bit frWEP]] Wired 
Equivalent Privacy mode; and 

providing the valid access point with the authentication server address and encryption 
scheme to be used for communication. 

Claim 1 8. (Currently Amended): The method of claim 8 further comprising the initial step of 
establishing the authentication server comprising: 

setting up a user database selected from at least one of a local database and a network 
database; and 

setting up the valid a ccess point as a network access server. 

Claim 19. (Currently Am ended): The method of claim 8 wherein the sapplieaa fclient valid 
access point and authentication server are part of a wireless local area network. 

Claim 20. (Currently Amended): The method of claim 8 wherein the swplioaa fclieiit valid 
access point and authentication server are part of a hard-wired local area network. 

Claim 21. (Currently Amended): A client configured with-as_a supplicant for detecting a rogue 
access point comprising: 

means for directing a packet from the supplicant to a network through a[[n]] first access 

point; 

means for receiving a network response packet by the supplicant from the first access 

point; 

means for determining whether the first access point is a rogue access point based on the 
network response packet received from the access point being in nonconformity with 
predetermined expectations; 
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means adapted for reporting the first access point as a r ogue access point through a vaJad 
second access point that the client is able to authenticate via the means for directing, the means 
for receiving and the means for detennining. 

Claim 22. (Currently Amended): The client of claim 21 further comprising means for 
authenticating the supplicant to the network, if the second a ccess point is determined to be a 
valid network access point. 

Claims 23 and 24 (Cancelled). 

Claim 25. (Currently Amended): The client of claim 21 wherein the predetermined expectations 
comprise data traffic conforming with ITIEEEn institute of Electrical and Electronic 
Engineers 802. IX standards. 

Claim 26. (Previously Presented): The client of claim 1 wherein the predetermined 
expectations comprise a mutual authentication to the network, wherein non-conformity is 
determined by a failure of the mutual authentication. 

Claim 27. (Currently Amended): The client of claim 21 wherein the means for mutual 
authentication comprises: 

means for directing a message containing identity credentials from the supplicant, 
through the second access point, to an authentication server; 

means for validating the identity credentials of the supplicant using the authentication 

server; 

means for forwarding a send key from the authentication server to the supplicant through 
the second access point; 

means for independently deriving a session key from the send key and the identity 
credentials by the supplicant and the authentication server; 

means for encrypting data packets between the supplicant _and the authentication server 
using the derived session key. 
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Claim 28. (Previously Presented); The client of claim 27 wherein the credentials are a 
username/password combination. 

Claim 29. (Currently Amended): The client of claim 27 further comprising: 

means for sending a start message from the supplicant to the second access point prior to 

the means for directing; 

means for sending an identity request message from the second access point to the 

supplicant; and 

wherein the means for directing a message comprises means for sending an identity 
response message containing the identity credentials form the supplicant to the second access 
point in response to the identity request message, and means for forwarding the identity response 
message from the second access point to the authentication server. 

Claim 30- (Currently Amended): The client of claim 29 wherein the authentication server is a 
RAKKJ SRemote Authentication Dial-In User Service server and wherein the identity response 
message is in the form of a R AD I US Remote Authentication Itial-In User Service access request, 
wherein the arrangement further comprises: 

means for responding to the RADIUS R emote Authentication Dial-In User Service access 
request with a RADIUS R emote Authentication Dial-In User Service challenge from the 
authentication server to the supplicant; 

and means for responding from the supplicant to the RABIU SRemote Authentication 

Dial-In User Service challenge according to the RADIUSRemote Authentication Dial-In User 
Service protocol. 

Claim 3 L (Currently Amended): The client of claim 29 wherein the means for validating and 
forwarding comprise means for sending the supplicant a RADIUSRemote Authentication Dial-In 
User Service accept message and wherein the send key comprises an Micro Soft-Microsoft Point- 
to-Point Encryption M S MP?B -Send-kev» 
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Claim 32. (Previously Presented): The client of claim 27 wherein the means for forwarding a 
send key comprises means for supplying key length and key index to specify encryption 
parameters for the session key 

Claim 33. (Previously Presented): The client of claim 32 wherein the encryption parameters are 
based on one of a 40/64-bit and a 104/128-bit key. 

Claim 34. (Currently Amended): The client of claim 27 wherein the supplicant, second access 
point and authentication server are part of a wireless local area network. 

Claim 35. (Currently Amended): The client of claim 27 wherein the supplicant, second.access 
point and authentication server are part of a hard-wired local area network. 
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